I have a web application running on JBoss 3.2.7. My client has decided to run 
it through an SSL Offloader. User agents access the offloader server, which 
handles encryption and decryption, then forwards requests to the non-ssl JBoss 
server.

I'm having a problem authenticating protected resources with this arrangement. 
When I make a request for a protected resource, say:

https://offloader.example.com/app/protected/resource

I am properly redirected to my login form. When I then POST the login form, I 
get a 302 Moved Temporarily response, but the Location header contains a 
non-ssl URI. Here are the request/response headers for the login form POST:

POST /app/j_security_check HTTP/1.1
  | Host: offloader.example.com
  | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
  | Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
  | Accept-Language: en-us,en;q=0.5
  | Accept-Encoding: gzip,deflate
  | Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  | Keep-Alive: 300
  | Connection: keep-alive
  | Referer: https://offloader.example.com/app/protected/resource
  | Cookie: JSESSIONID=BF689766D55E7AD2DE64A7771A47086D
  | Content-Type: application/x-www-form-urlencoded
  | Content-Length: 37
  | 
  | j_username=test&j_password=test
  | 
  | HTTP/1.x 302 Moved Temporarily
  | Location: http://offloader.example.com/app/protected/resource
  | Content-Length: 0
  | Date: Wed, 14 Sep 2005 22:25:29 GMT
  | Server: Apache-Coyote/1.1
  | 

Note the Location header in the response is a port 80 URL. Since the offloader 
server doesn't expose port 80 to the world, the redirect times out.

Note also that the JSESSIONID cookie is properly set and any further requests 
to protected resources now work; it's just the initial redirect that fails. Is 
there something I can do to configure this 302 response to produce an https 
Location header? I've perused the source code but I'm not familiar enough with 
it to be able to determine where this is happening.

I realize this may be a Tomcat question, but I thought I'd try here first.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3894946#3894946

_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
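
The symptom described in the post can be checked mechanically from a captured response. The following is an added example, not part of the original post or of JBoss/Tomcat: it flags a same-host redirect that drops from https to http and returns the Location the client should have received. The function names and the sample text (built from the headers quoted in the post) are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: the 302 response quoted in the post, as raw header text.
SAMPLE_RESPONSE = (
    "HTTP/1.x 302 Moved Temporarily\r\n"
    "Location: http://offloader.example.com/app/protected/resource\r\n"
    "Content-Length: 0\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return (status_code, {lowercased-name: value}) from a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_redirect(raw, public_url):
    """Detect an https -> http redirect on the same host.

    public_url is the URL the browser actually requested (assumed known).
    Returns (is_downgrade, corrected_location_or_None).
    """
    status, headers = parse_headers(raw)
    location = headers.get("location")
    if status not in (301, 302, 303, 307, 308) or not location:
        return False, None
    pub, loc = urlsplit(public_url), urlsplit(location)
    # A relative Location inherits the client's scheme, so it cannot downgrade.
    if not loc.scheme:
        return False, None
    # Redirects to other hosts are left alone; only same-host downgrades count.
    if pub.scheme == "https" and loc.scheme == "http" and loc.hostname == pub.hostname:
        fixed = urlunsplit(("https", pub.netloc, loc.path, loc.query, loc.fragment))
        return True, fixed
    return False, None

if __name__ == "__main__":
    print(check_redirect(SAMPLE_RESPONSE,
                         "https://offloader.example.com/app/j_security_check"))
```

Here the redirect merely times out because port 80 is closed; if it were reachable, the browser would send the JSESSIONID cookie over cleartext unless the cookie carries the Secure attribute.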
